IETF Logo Mail Archive

Re: [Curdle] Comments on draft-ietf-curdle-ssh-ext-info

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 19 March 2017 09:06 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68C0B129481 for <curdle@ietfa.amsl.com>; Sun, 19 Mar 2017 02:06:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YCngkrF5NbI3 for <curdle@ietfa.amsl.com>; Sun, 19 Mar 2017 02:06:36 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E186B12947F for <curdle@ietf.org>; Sun, 19 Mar 2017 02:06:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1489914396; x=1521450396; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=gsjwBez39zuQj9f6Czbo6j1Di9sq4ZHiQjcTfrNN7iE=; b=aiO0B9I6/qZZixo0H76ML/8nlJaIeosR4/jz0XSPYUfuEILGpZ6OOqQc HTkgp9ptlNV2rGPlCayGQh5mFZouM7qELkzTSTQXp+J7XxtNhSuq4TqAH 7nrbVQHJppVfv/ljCHpo6X6sizOuNhmuoGBopEDC3rOSEvG0/Qu7UILpR YlDDW+3P0GwckeedmVxDRVLSgQVMbK60/B4khJDybzds05NN0nUbf0k7l FgQNOpEbuqV4uQ4xoJ2EpfkDldsB7FXIqGFZDR7sU2ftn0tkIx1EWlPJJ /qYuTfboaPObTrErEA+UfY1z6QpJCb/++nEarIFcr9IjFiE/QhLLuEAc0 Q==;
X-IronPort-AV: E=Sophos;i="5.36,187,1486378800"; d="scan'208";a="143925709"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.3 - Outgoing - Outgoing
Received: from smtp.uoa.auckland.ac.nz (HELO uxcn13-tdc-b.UoA.auckland.ac.nz) ([10.6.3.3]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 19 Mar 2017 22:06:31 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-b.UoA.auckland.ac.nz (10.6.3.3) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Sun, 19 Mar 2017 22:06:31 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1178.000; Sun, 19 Mar 2017 22:06:31 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>, Daniel Migault <daniel.migault@ericsson.com>, curdle <curdle@ietf.org>
Thread-Topic: Comments on draft-ietf-curdle-ssh-ext-info
Thread-Index: AQHSn+vj75AP59wDbUy5ryRiOFPQYKGb4DhQ
Date: Sun, 19 Mar 2017 09:06:30 +0000
Message-ID: <1489914378158.63423@cs.auckland.ac.nz>
References: <2DD56D786E600F45AC6BDE7DA4E8A8C118BA5A70@eusaamb107.ericsson.se> <1489827654266.43895@cs.auckland.ac.nz>, <50977E6A3D174856B8DAF264C3CB81E8@Khan>
In-Reply-To: <50977E6A3D174856B8DAF264C3CB81E8@Khan>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/HTe_apc0BE8_Y70EvGy0kXFMwbA>
Subject: Re: [Curdle] Comments on draft-ietf-curdle-ssh-ext-info
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 09:06:38 -0000

denis bider (Bitvise) <ietf-ssh3@denisbider.com> writes:

>There is no reason for a delay, but people do things for which there aren’t
>good reasons, and then others in the future have to compensate. This is to
>nip the problem in the bud.

I don't really see what the problem is though, it's like putting up a "Beware
of the dog" sign on a property with no dog.  The text appears to be warning me
about doing something that I'm not doing anyway, and that I have no idea how
to do.  Since the EXT_INFO has to follow the NEWKEYS, it blocks all other
messages so I couldn't delay it even if I wanted to without stalling the whole
handshake process.
 
>Does the draft need to be modified to make this explicit?

It does need some explanatory text, I think. 
 
>EXT_INFO is sent by the party that sends it, immediately after that party has
>sent its own NEWKEYS. Doing otherwise would contradict the “without delay”
>requirement.

In that case it probably needs some security considerations text if it's sent
before the successful completion of the crypto handshake has been confirmed.
My guess is that putting the EXT_INFO inside the encrypted layer rather than
in the client/server hello like SSL does is to protect it cryptographically,
however sending EXT_INFO before you've got the other side's NEWKEYS means you
could be sending it over a link where the crypto protection hasn't been
successfully activated.
  
>Does the draft need to be modified to clarify this?

Yes, definitely, because I'd implemented it after both sending and receiving
NEWKEYS, for the reason given above.
 
>One extension that needs this exact placement is “delay-compression”. For
>that to work, the client has a need to know whether compression should be
>started at the exact point it receives SSH_MSG_USERAUTH_SUCCESS. But the
>server may be reluctant to advertise its support for compression beforehand.
>Sending the second EXT_INFO at this time is therefore ideal for both parties.
>(If it was sent after SSH_MSG_USERAUTH_SUCCESS, there would be the exact race
>condition that “delay-compression” is trying to solve.)

I think the draft should include some text like this as an explanatory note.
Getting EXT_INFO as a response to USERAUTH isn't a crash-and-burn thing, but
it just seems logically wrong to insert additional stuff in front of the
answer to the question you've asked.  So some explanatory text would be
useful.

>The word “shall” has a well-known meaning in English, and its use in this
>context is defined in RFC 2119. If this word was not meant to be used, I
>think RFC 2119 would not define it.

The issue isn't that it's wrong, but a question of consistency, the rest of
the draft uses MAY and SHOULD, having an alternative synonym used in one
location makes it more difficult to read.
 
>At this point, I can:
> 
>- put it back in, just like it was; or
>- make it an independent submission.

I would put it back.  Having to do an entire RFC to document a single boolean
flag seems like incredible overkill.
 
Peter.

v2.23.0 | Report a Bug | By Email